Bug 265151

Summary: dns/unbound: Update to 1.16.1
Product: Ports & Packages
Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)
Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED
Severity: Affects Many People
CC: fernape
Priority: ---
Flags: fernape: merge-quarterly?
Version: Latest
Hardware: Any
OS: Any
URL: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1
Attachments:
- patch to update (Flags: jaap: maintainer-approval+)

Description Jaap Akkerhuis 2022-07-11 11:30:51 UTC
Created attachment 235189
patch to update

This release fixes a number of bugs. The number of nxdomains encountered
when looking up a nameserver is not counted as such when the lookup was
from cache. Also parent side queries are not created when the addresses
are lame or already in cache. This solves lookup problems of domains
with a lot of nxdomains, and that have parent-child differences.

Algorithms that are not supported are disabled when the system OpenSSL
does not provide them, for FIPS OpenSSL installations.

Unbound sets IP_BIND_ADDRESS_NO_PORT socket option on outgoing tcp
sockets to make the port space larger that can be used. The number of
outgoing udp packets is collected in the num.query.udpout statistic.

Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
   sent; introduces 'num.query.udpout' to the 'unbound-control stats'
   command.

Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
   instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
   addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
   blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
   serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
   This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
   responses.
- From #706: Don't generate parent side queries if we already
   have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
   generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
   mode on openssl3.
- Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
   the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
   val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
   one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
   outbound tcp sockets.
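
An added example, not part of the original report and not Unbound's code, of what IP_BIND_ADDRESS_NO_PORT changes for an outgoing TCP socket bound to a source address: without it, bind() with port 0 reserves an ephemeral port immediately; with it, the port is chosen at connect(), when the full 4-tuple is known. It assumes Linux 4.2 or later with loopback available; `local_port` and `outgoing_ports` are hypothetical helper names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_BIND_ADDRESS_NO_PORT
#define IP_BIND_ADDRESS_NO_PORT 24 /* value from <linux/in.h> */
#endif

/* Local port currently assigned to fd (0 = none yet), or -1 on error. */
static int local_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Bind a client socket to 127.0.0.1:0 (optionally with the option set),
 * connect it to a throwaway loopback listener, and report the local port
 * seen after bind() and after connect(). Returns 0 on success. */
int outgoing_ports(int no_port, int *after_bind, int *after_connect) {
    struct sockaddr_in lo;
    socklen_t len = sizeof(lo);
    int one = 1, rc = -1;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    memset(&lo, 0, sizeof(lo));
    lo.sin_family = AF_INET;
    lo.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (srv < 0 || cli < 0) goto out;
    if (bind(srv, (struct sockaddr *)&lo, sizeof(lo)) < 0 || listen(srv, 1) < 0) goto out;
    if (no_port && setsockopt(cli, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT,
                              &one, sizeof(one)) < 0) goto out;
    if (bind(cli, (struct sockaddr *)&lo, sizeof(lo)) < 0) goto out; /* port 0 */
    *after_bind = local_port(cli);
    if (getsockname(srv, (struct sockaddr *)&lo, &len) < 0) goto out; /* listener port */
    if (connect(cli, (struct sockaddr *)&lo, sizeof(lo)) < 0) goto out;
    *after_connect = local_port(cli);
    rc = 0;
out:
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    return rc;
}

int main(void) {
    for (int opt = 0; opt <= 1; opt++) {
        int b = -1, c = -1;
        if (outgoing_ports(opt, &b, &c) == 0)
            printf("NO_PORT=%d after bind: %d after connect: %d\n", opt, b, c);
    }
    return 0;
}
```
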

Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-07-12 05:43:39 UTC
Many bugfixes. Should we merge to 2022Q3?

Comment 2 commit-hook freebsd_committer freebsd_triage 2022-07-12 17:51:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0046203e3a7db2ee7b37e63cd000cbf87f908d2c

commit 0046203e3a7db2ee7b37e63cd000cbf87f908d2c
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2022-07-12 05:41:29 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-07-12 17:47:33 +0000

    dns/unbound: Update to 1.16.1

    ChangeLog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1

    PR:     265151
    Reported by:    jaap@NLnetLabs.nl (maintainer)
    MFH:    2022Q3 (bugfixes)

 dns/unbound/Makefile  | 2 +-
 dns/unbound/distinfo  | 6 +++---
 dns/unbound/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

Comment 3 Fernando Apesteguía freebsd_committer freebsd_triage 2022-07-12 17:53:28 UTC
Committed and merged to 2022Q3,

Thanks!

Comment 4 commit-hook freebsd_committer freebsd_triage 2022-07-12 17:53:35 UTC
A commit in branch 2022Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=65cd0c330dd704a5c9ba2ff30cdcb4f4e1d3dfe1

commit 65cd0c330dd704a5c9ba2ff30cdcb4f4e1d3dfe1
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2022-07-12 05:41:29 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-07-12 17:50:17 +0000

    dns/unbound: Update to 1.16.1

    ChangeLog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1

    PR:     265151
    Reported by:    jaap@NLnetLabs.nl (maintainer)
    MFH:    2022Q3 (bugfixes)

    (cherry picked from commit 0046203e3a7db2ee7b37e63cd000cbf87f908d2c)

 dns/unbound/Makefile  | 2 +-
 dns/unbound/distinfo  | 6 +++---
 dns/unbound/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)